diff --git a/otc/dev.t09.de/stacks/core/dex/values.yaml b/otc/dev.t09.de/stacks/core/dex/values.yaml index 8a2a79d..c3e842a 100644 --- a/otc/dev.t09.de/stacks/core/dex/values.yaml +++ b/otc/dev.t09.de/stacks/core/dex/values.yaml @@ -34,6 +34,11 @@ envVars: secretKeyRef: name: dex-argo-client key: clientSecret + - name: FORGEJO_RUNNER_SIZER_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: dex-runner-sizer-client + key: clientSecret - name: LOG_LEVEL value: debug @@ -74,3 +79,8 @@ config: - "https://grafana.dev.t09.de/login/generic_oauth" name: "Grafana" secretEnv: "OIDC_DEX_GRAFANA_CLIENT_SECRET" + - id: ci-sizer + name: "CI Sizer" + redirectURIs: + - "https://sizer.dev.t09.de/ui/callback" + secretEnv: "FORGEJO_RUNNER_SIZER_CLIENT_SECRET" diff --git a/otc/dev.t09.de/stacks/forgejo/forgejo-server/values.yaml b/otc/dev.t09.de/stacks/forgejo/forgejo-server/values.yaml index 4c35c43..ec901a0 100644 --- a/otc/dev.t09.de/stacks/forgejo/forgejo-server/values.yaml +++ b/otc/dev.t09.de/stacks/forgejo/forgejo-server/values.yaml @@ -137,6 +137,9 @@ gitea: ENABLED: true ADAPTER: redis + security: + GLOBAL_TWO_FACTOR_REQUIREMENT: admin + service: DISABLE_REGISTRATION: true ENABLE_NOTIFY_MAIL: true diff --git a/otc/dev.t09.de/stacks/garm/garm.yaml b/otc/dev.t09.de/stacks/garm/garm.yaml index 43c7d4e..3754f9a 100644 --- a/otc/dev.t09.de/stacks/garm/garm.yaml +++ b/otc/dev.t09.de/stacks/garm/garm.yaml @@ -20,7 +20,7 @@ spec: sources: - repoURL: https://edp.buildth.ing/DevFW-CICD/garm-helm path: charts/garm - targetRevision: v0.0.12 + targetRevision: v0.0.15 helm: valueFiles: - $values/otc/dev.t09.de/stacks/garm/garm/values.yaml diff --git a/otc/dev.t09.de/stacks/garm/garm/values.yaml b/otc/dev.t09.de/stacks/garm/garm/values.yaml index eebfcf1..ef70339 100644 --- a/otc/dev.t09.de/stacks/garm/garm/values.yaml +++ b/otc/dev.t09.de/stacks/garm/garm/values.yaml 
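Review bot: The client secret for the new `ci-sizer` static client is read from two differently named secrets. Dex takes it from `dex-runner-sizer-client` / `clientSecret` in the first hunk of this file, while the receiver Deployment later in this commit reads `RECEIVER_OIDC_CLIENT_SECRET` from `sizer-oidc-client` / `client-secret`. Nothing in the visible lines ties the two together, so a rotation that updates only one side will break the login flow at the token exchange. I would add a comment above the env entry such as `# must equal sizer-oidc-client/client-secret used by the receiver; rotate both together`, or source both from a single external secret. The env name also departs from the `OIDC_DEX_GRAFANA_CLIENT_SECRET` pattern of the neighbouring client; something like `OIDC_DEX_CI_SIZER_CLIENT_SECRET` would be more consistent.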
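Review bot: `GLOBAL_TWO_FACTOR_REQUIREMENT: admin` in the new `security` block leaves every non-admin account able to sign in with a single factor, including accounts with write or owner rights on CI repositories. If that scope is deliberate, say so in a comment above the key, e.g. `# 2FA enforced for admins only; widen to all once users are enrolled`; otherwise consider `all`. The hunk does not show how admin-level automation accounts or admins who authenticate through an external provider are treated, so confirm both before rollout. The same block is added to otc/edp.buildth.ing/stacks/forgejo/forgejo-server/values.yaml and this note applies there as well.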
@@ -26,7 +26,7 @@ credentials: image: repository: edp.buildth.ing/devfw-cicd/garm-forgejo - tag: v0.1.7-forgejo-3 + tag: v0.1.7-forgejo-21 providerConfig: edgeConnect: @@ -37,8 +37,9 @@ providerConfig: name: Hamburg organization: TelekomOP edgeConnectK8s: + pendingTimeout: "5m" sizer: - sidecarImage: edp.buildth.ing/devfw-cicd/forgejo-runner-sizer-collector:latest + sidecarImage: edp.buildth.ing/devfw-cicd/ci-sizer-collector:latest sidecarPushEndpoint: https://sizer.dev.t09.de/api/v1/metrics baseUrl: "https://sizer.dev.t09.de" readToken: diff --git a/otc/dev.t09.de/stacks/garm/sizer-receiver/deployment.yaml b/otc/dev.t09.de/stacks/garm/sizer-receiver/deployment.yaml index 91a1049..dd918d5 100644 --- a/otc/dev.t09.de/stacks/garm/sizer-receiver/deployment.yaml +++ b/otc/dev.t09.de/stacks/garm/sizer-receiver/deployment.yaml @@ -16,9 +16,11 @@ spec: labels: app: sizer-receiver spec: + securityContext: + fsGroup: 65534 containers: - name: receiver - image: edp.buildth.ing/devfw-cicd/forgejo-runner-sizer-receiver:latest + image: edp.buildth.ing/devfw-cicd/ci-sizer-receiver:latest imagePullPolicy: Always args: - --db=/data/metrics.db @@ -37,6 +39,34 @@ spec: secretKeyRef: name: sizer-tokens key: hmac-key + - name: GARM_URL + value: "http://garm.garm.svc.cluster.local:80" + - name: GARM_USER + value: "admin" + - name: GARM_PASSWORD + valueFrom: + secretKeyRef: + name: garm-fixed-credentials + key: admin_password + - name: RECEIVER_OIDC_ISSUER + value: "https://dex.dev.t09.de" + - name: RECEIVER_OIDC_CLIENT_ID + value: "ci-sizer" + - name: RECEIVER_OIDC_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: sizer-oidc-client + key: client-secret + - name: RECEIVER_OIDC_REDIRECT_URI + value: "https://sizer.dev.t09.de/ui/callback" + - name: RECEIVER_SESSION_TTL + value: "12h" + - name: RECEIVER_ALLOWED_ORG + value: "DevFW" + - name: RECEIVER_CPU_SIZING_MODE + value: "observe" + - name: RECEIVER_MEMORY_QOS + value: "guaranteed" volumeMounts: - name: data mountPath: /data 
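Review bot: The renamed `sidecarImage` still ends in `:latest`, so every runner pod gets whatever was most recently pushed to that tag, with no review step and no record in git of which collector build ran a given job. The edp.buildth.ing values in this same commit pin `ci-sizer-collector:0.0.4`; I would pin dev the same way, ideally by digest as `ci-sizer-collector:<TAG>@sha256:<DIGEST>` (placeholders, take the values from the registry). The receiver Deployment in the next file has the same pattern with `ci-sizer-receiver:latest` plus `imagePullPolicy: Always`, which re-pulls the mutable tag on every restart. `providerConfig` continues outside the hunk.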
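Review bot: The pod-level `securityContext` added in sizer-receiver/deployment.yaml sets only `fsGroup: 65534`, which fixes volume group ownership but does not stop the container from running as root. If the image is meant to run as the nobody user, as the group id suggests, state it explicitly with `runAsNonRoot: true` and `runAsUser: 65534` next to `fsGroup`, and add `allowPrivilegeEscalation: false` on the container. The container spec continues outside the hunk, so a container-level securityContext may already exist there; if it does, only the pod-level fields are needed.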
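Review bot: The receiver now carries the GARM `admin` password (`GARM_PASSWORD` from `garm-fixed-credentials` / `admin_password`) while also serving an interactive login at `https://sizer.dev.t09.de/ui/callback`, so a compromise of the receiver gives full control of the runner manager. If GARM can issue a narrower account or token for what the sizer needs, use that instead of `admin`; if not, add a comment recording why admin is required. `GARM_URL` is plain `http://`, which appears to send that credential unencrypted inside the cluster unless a mesh or network policy covers the path, so this is worth confirming. `RECEIVER_ALLOWED_ORG: "DevFW"` appears to be the only authorization gate on the UI, and a comment saying which claim it is matched against would help reviewers.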
diff --git a/otc/edp.buildth.ing/stacks/forgejo/forgejo-server/values.yaml b/otc/edp.buildth.ing/stacks/forgejo/forgejo-server/values.yaml index 2b64cca..c9e7a8a 100644 --- a/otc/edp.buildth.ing/stacks/forgejo/forgejo-server/values.yaml +++ b/otc/edp.buildth.ing/stacks/forgejo/forgejo-server/values.yaml @@ -137,6 +137,9 @@ gitea: ENABLED: true ADAPTER: redis + security: + GLOBAL_TWO_FACTOR_REQUIREMENT: admin + service: DISABLE_REGISTRATION: true ENABLE_NOTIFY_MAIL: true @@ -177,4 +180,4 @@ image: # rootless: true fullOverride: observability.buildth.ing/devfw-cicd/edp-forgejo:14.0.2-edp1-rootless -forgejo: {} \ No newline at end of file +forgejo: {} diff --git a/otc/edp.buildth.ing/stacks/garm/garm.yaml b/otc/edp.buildth.ing/stacks/garm/garm.yaml index ab493b2..1a44c7c 100644 --- a/otc/edp.buildth.ing/stacks/garm/garm.yaml +++ b/otc/edp.buildth.ing/stacks/garm/garm.yaml @@ -20,7 +20,7 @@ spec: sources: - repoURL: https://edp.buildth.ing/DevFW-CICD/garm-helm path: charts/garm - targetRevision: v0.0.7 + targetRevision: v0.0.11 helm: valueFiles: - $values/otc/edp.buildth.ing/stacks/garm/garm/values.yaml diff --git a/otc/edp.buildth.ing/stacks/garm/garm/values.yaml b/otc/edp.buildth.ing/stacks/garm/garm/values.yaml index 7ad8f26..7c4eccc 100644 --- a/otc/edp.buildth.ing/stacks/garm/garm/values.yaml +++ b/otc/edp.buildth.ing/stacks/garm/garm/values.yaml @@ -26,7 +26,7 @@ credentials: image: repository: observability.buildth.ing/devfw-cicd/garm-forgejo - tag: v0.1.7-forgejo-1 + tag: v0.1.7-forgejo-21 providerConfig: edgeConnect: @@ -36,6 +36,9 @@ providerConfig: cloudlet: name: Hamburg organization: TelekomOP + edgeConnectK8s: + sizer: + sidecarImage: edp.buildth.ing/devfw-cicd/ci-sizer-collector:0.0.4 garm: logging: 
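Review bot: The new `edgeConnectK8s.sizer` block in otc/edp.buildth.ing/stacks/garm/garm/values.yaml sets only `sidecarImage`, whereas the dev values in this commit also set `sidecarPushEndpoint`, `baseUrl` and `readToken`. Unless chart `v0.0.11` supplies defaults for those keys, the collector sidecar has no configured, authenticated endpoint to push to; dev runs chart `v0.0.15`, so the key set may also differ between the two versions. I would set the endpoint and token reference explicitly for this environment (the ingress later in the commit serves `sizer.edp.buildth.ing`) or add a comment stating that the chart defaults are intended. The sidecar image is pulled from `edp.buildth.ing` while the GARM image in the same file comes from `observability.buildth.ing`; a comment on which registry is authoritative would help.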
diff --git a/otc/edp.buildth.ing/stacks/garm/optimiser-receiver.yaml b/otc/edp.buildth.ing/stacks/garm/sizer-receiver.yaml similarity index 84% rename from otc/edp.buildth.ing/stacks/garm/optimiser-receiver.yaml rename to otc/edp.buildth.ing/stacks/garm/sizer-receiver.yaml index 4fd45cf..a382e6a 100644 --- a/otc/edp.buildth.ing/stacks/garm/optimiser-receiver.yaml +++ b/otc/edp.buildth.ing/stacks/garm/sizer-receiver.yaml @@ -1,7 +1,7 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: optimiser-receiver + name: sizer-receiver namespace: argocd labels: env: dev @@ -22,4 +22,4 @@ spec: source: repoURL: https://observability.buildth.ing/DevFW-CICD/stacks-instances targetRevision: HEAD - path: "otc/edp.buildth.ing/stacks/garm/optimiser-receiver" + path: "otc/edp.buildth.ing/stacks/garm/sizer-receiver" diff --git a/otc/edp.buildth.ing/stacks/garm/optimiser-receiver/deployment.yaml b/otc/edp.buildth.ing/stacks/garm/sizer-receiver/deployment.yaml similarity index 74% rename from otc/edp.buildth.ing/stacks/garm/optimiser-receiver/deployment.yaml rename to otc/edp.buildth.ing/stacks/garm/sizer-receiver/deployment.yaml index f7e366b..2d3eeaa 100644 --- a/otc/edp.buildth.ing/stacks/garm/optimiser-receiver/deployment.yaml +++ b/otc/edp.buildth.ing/stacks/garm/sizer-receiver/deployment.yaml @@ -1,22 +1,22 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: optimiser-receiver + name: sizer-receiver labels: - app: optimiser-receiver + app: sizer-receiver spec: replicas: 1 selector: matchLabels: - app: optimiser-receiver + app: sizer-receiver template: metadata: labels: - app: optimiser-receiver + app: sizer-receiver spec: containers: - name: receiver - image: edp.buildth.ing/devfw-cicd/forgejo-runner-optimiser-receiver:0.0.3 + image: edp.buildth.ing/devfw-cicd/ci-sizer-receiver:0.0.4 args: - --db=/data/metrics.db ports: 
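Review bot: The pod template on the new side of sizer-receiver/deployment.yaml goes straight from `spec:` to `containers:`, so this Deployment has no pod `securityContext`, while the dev copy of the same manifest gains `fsGroup: 65534` in this commit. If that was added because the `ci-sizer-receiver` image runs unprivileged and needs group ownership of the `/data` volume, `0.0.4` here may fail to open `/data/metrics.db`; if the image still runs as root, that is the gap to close instead. I would carry the same block over (`securityContext:` with `fsGroup: 65534`) and add `runAsNonRoot: true` once the image is confirmed to support it. The container spec continues outside the hunk.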
@@ -27,13 +27,17 @@ spec: - name: RECEIVER_READ_TOKEN valueFrom: secretKeyRef: - name: optimiser-tokens + name: sizer-tokens key: read-token - name: RECEIVER_HMAC_KEY valueFrom: secretKeyRef: - name: optimiser-tokens + name: sizer-tokens key: hmac-key + - name: RECEIVER_CPU_SIZING_MODE + value: "observe" + - name: RECEIVER_MEMORY_QOS + value: "guaranteed" volumeMounts: - name: data mountPath: /data @@ -59,17 +63,17 @@ spec: volumes: - name: data persistentVolumeClaim: - claimName: optimiser-receiver-data + claimName: sizer-receiver-data --- apiVersion: v1 kind: Service metadata: - name: optimiser-receiver + name: sizer-receiver labels: - app: optimiser-receiver + app: sizer-receiver spec: selector: - app: optimiser-receiver + app: sizer-receiver ports: - name: http port: 8080 @@ -79,9 +83,9 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: optimiser-receiver-data + name: sizer-receiver-data labels: - app: optimiser-receiver + app: sizer-receiver annotations: everest.io/disk-volume-type: GPSSD spec: diff --git a/otc/edp.buildth.ing/stacks/garm/optimiser-receiver/ingress.yaml b/otc/edp.buildth.ing/stacks/garm/sizer-receiver/ingress.yaml similarity index 69% rename from otc/edp.buildth.ing/stacks/garm/optimiser-receiver/ingress.yaml rename to otc/edp.buildth.ing/stacks/garm/sizer-receiver/ingress.yaml index aa6ac34..3fcc484 100644 --- a/otc/edp.buildth.ing/stacks/garm/optimiser-receiver/ingress.yaml +++ b/otc/edp.buildth.ing/stacks/garm/sizer-receiver/ingress.yaml 
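Review bot: Changing `claimName` to `sizer-receiver-data` and renaming the PersistentVolumeClaim further down creates a new, empty volume rather than renaming the existing one. The history in `/data/metrics.db` stays behind on `optimiser-receiver-data`, and that claim may be deleted if the old Argo CD Application is pruned. If the data matters, copy it across before the old Application is removed, or keep the old claim name and record the reason in a comment. The first hunk of this file has a related ordering dependency: `sizer-tokens` must exist with the same `read-token` and `hmac-key` values as `optimiser-tokens` before rollout, otherwise the pod will not start or collectors still using the old key are likely to be rejected.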
@@ -5,22 +5,22 @@ metadata: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" cert-manager.io/cluster-issuer: main - name: optimiser-receiver + name: sizer-receiver namespace: garm spec: ingressClassName: nginx rules: - - host: optimiser.edp.buildth.ing + - host: sizer.edp.buildth.ing http: paths: - backend: service: - name: optimiser-receiver + name: sizer-receiver port: number: 8080 path: / pathType: Prefix tls: - hosts: - - optimiser.edp.buildth.ing - secretName: optimiser-receiver-tls + - sizer.edp.buildth.ing + secretName: sizer-receiver-tls